Data Protection Academy » Data Protection News » Anonymisation of Internet data often not secure
Anonymisation of Internet data often not secure
In an interview with the German Press Agency, Ulrich Kelber (Federal Data Protection Commissioner) calls for more reliability and clarity with regard to anonymised Internet data. Often it is only pseudonymised data. This is not real protection. We explain the difference.
Background information on anonymization
The consent of processing personal data such as name or address is not required for anonymised data according to the European General Data Protection Regulation. According to recital 26 of the GDPR, anonymised data is personal data (e.g. date of birth, name, address) that can no longer be assigned to a specific person as a result of changes made. In short: anonymised data no longer allows the identification of a person.
What is the problem
In an interview with the Deutsche Presse Agentur, the Federal Data Protection Commissioner referred to a specific case: it was often unclear whether the use of data to be consented to was actually anonymised. For example, if users were asked when making online purchases whether they agreed to anonymised use of data for market research purposes. At the same time, Kelber admitted that there is currently still a lack of legal guidelines. Companies or data subjects would often not be able to assess the situation properly. Often, supposedly anonymized data are merely pseudonymised.
External Data Protection Officer
You are welcome to contact us as external data protection officer (DPO) order. We also offer individual consulting services as well as audits and will be happy to provide you with a non-binding offer. You can find more information about our external data protection officers on our website.
Anonymisation / Pseudonymisation: what is the difference?
Anonymised data is information that cannot be related to an identified or identifiable natural person (Recital 26, GDPR). Anonymisation therefore means that a person is no longer identifiable. We have elaborated on the following further questions in our data protection wiki: When is data really anonymous? How can I anonymise data? Learn more about anonymised data in the wiki.
pseudonymisation is the processing of personal data in the sense that personal data can no longer be attributed to a specific person without the need for additional information. Learn more about pseudonymised data in the wiki.
The most important difference between anonymisation and pseudonymisation is that pseudonymised data can be assigned to a natural person, provided that further information is available. This is not possible with anonymised data. Anonymised data is therefore much more secure in terms of data protection.
Ulrich Kelber to the Deutsche Presse Agentur:
“Wenn Daten wirklich anonymisiert wären, bräuchte es gar keine Einwilligung zu einer anonymen Nutzung, denn dann wären es keine personenbezogenen Daten mehr.”
Source: Data protection officer Ulrich Kelber to dpa (trade journal)
Do you have specific questions about data protection or would you like professional advice? Our data protection experts are there for you throughout Germany! Come to us!
- COVID-19 and data protection - March 25, 2020
- Data protection in the USA - part 3 of the delegation visit - December 6, 2019
- Data protection in the USA - part 2 of the delegation visit - December 3, 2019